FTP: cURL Malicious Server Buffer Overflow

This signature detects attempts to exploit a known vulnerability in the cURL file retrieval client. cURL versions 6.1 to 7.4 are vulnerable. Attackers can use a malicious server that the cURL client connects to and execute arbitrary code with the permissions of the cURL user.

Extended Description

Curl is an open-source utility for sending or receiving files using URL syntax. A vulnerability exists in the version of curl included with Debian GNU/Linux 2.2 and FreeBSD (prior to the 4.2 release). Note that cURL runs on other platforms as well, and earlier versions may also be vulnerable. Curl's error-logging feature improperly tests the size of generated error messages, which include text sent from the remote host. A malicious remote server could send a malformed response to a request from curl, designed to exceed the maximum length of the error buffer. The contents of this oversized buffer, when copied onto the stack, can potentially overwrite the calling function's return address. This can alter the program's flow of execution and result in arbitrary code being run on the client host.
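
The size-check failure described above, shown as an added C example beside a bounded version (this is not curl's own code and not part of the original entry). The function names, the 256-byte buffer size and the "Server said" message format are assumptions for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define ERRBUF_SIZE 256 /* assumed size; the entry does not give curl's real one */

/* Unsafe pattern (hypothetical, for contrast, never called here): formats
 * server-supplied text into a fixed buffer with no length limit. */
void log_error_unbounded(char *errbuf, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsprintf(errbuf, fmt, ap); /* writes past errbuf when the reply is long */
    va_end(ap);
}

/* Hardened form: never writes more than size bytes, always NUL-terminates.
 * Returns 0 if the message fit, 1 if truncated, -1 on bad arguments/format. */
int log_error_bounded(char *errbuf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;
    if (errbuf == NULL || size == 0)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(errbuf, size, fmt, ap);
    va_end(ap);
    if (n < 0) { /* formatting failed: leave an empty message */
        errbuf[0] = '\0';
        return -1;
    }
    return (size_t)n >= size ? 1 : 0;
}

/* Constructed oversized reply: returns 1 when the message was truncated and
 * the bytes placed right after the buffer are untouched. */
int oversized_reply_is_contained(void)
{
    struct { char errbuf[ERRBUF_SIZE]; char guard[8]; } frame;
    char reply[1024];
    int rc;
    memset(reply, 'A', sizeof reply - 1);
    reply[sizeof reply - 1] = '\0';
    memcpy(frame.guard, "GUARD!!", 8);
    rc = log_error_bounded(frame.errbuf, sizeof frame.errbuf, "Server said: %s", reply);
    return rc == 1 && strlen(frame.errbuf) == ERRBUF_SIZE - 1
        && memcmp(frame.guard, "GUARD!!", 8) == 0;
}
int main(void) { return oversized_reply_is_contained() ? 0 : 1; }
```

A return value of 1 from log_error_bounded is worth logging on its own, since a reply long enough to be truncated is the condition this signature looks for on the wire.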

Affected Products

Daniel_stenberg curl

References

BugTraq: 1804

CVE: CVE-2000-0973

URL: http://curl.haxx.se/

Short Name: FTP:CURL-OF-BANNER
Severity: Major
Recommended: False
Recommended Action: Drop
Category: FTP
Keywords: Buffer CVE-2000-0973 Malicious Overflow Server bid:1804 cURL
Release Date: 04/22/2003

Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3375
False Positive: Unknown

Vendors

Daniel_stenberg

CVSS Score

10.0
